[ matrix ]
05.11.2017
14:53:09
<b>aaron:</b> Hey you, kekoosh! (Gitter): Heh, I don’t even use Twitter.
strange
05.11.2017
15:11:41
Wise. Twitter is in Russian reversal mode now, it uses its users
Mario
05.11.2017
15:13:37
Add .cc/ to your tweet if you wanna tweet something more than 250 chars (or whatever the limit is)
[ matrix ]
05.11.2017
15:13:50
aaron: Now? Don’t all services use their users to one extent or another?
Google
:ʒ
05.11.2017
15:22:10
i thought the opposite.
Newnix
05.11.2017
15:32:42
[ matrix ]
05.11.2017
15:41:16
<b>aaron:</b> VMs are better at isolation than jails (FreeBSD) or containers (Linux).
<b>aaron:</b> Just a side-effect of their design.
<b>aaron:</b> That doesn’t mean there’s not exploits to escape or divine host/neighbor activity in each system.
Shawn
05.11.2017
15:44:42
Neither should be relied on for security. They're wonderful tools for organization and division of resources. But not for security.
[ matrix ]
05.11.2017
15:46:12
<b>aaron:</b> VMs are a pretty good tool for easy access to security features. I don’t know anyone else exposing stuff like VM-d to userspace.
norj
05.11.2017
15:46:15
So the solution is to have a separate machine and seperate network for unsafe activity?
[ matrix ]
05.11.2017
15:46:57
<b>aaron:</b> ^ Ideally, yes. We don’t live in an ideal world though, so isolate, contain, and monitor.
Shawn
05.11.2017
15:47:05
Newnix
05.11.2017
15:48:48
[ matrix ]
05.11.2017
15:49:01
<b>Hey you, kekoosh! (Gitter):</b> that heavily depends on what you describe as unsafe activity. physical separation can be a fatal flaw if swat goes in and you didn't have time to pull out yubi-key, or if your spouse/parent/partner buys usb keylogger, etc.etc. etc. 99% cases your vm setup with some encryption is more than enough
Google
:ʒ
05.11.2017
15:49:06
Mario
05.11.2017
15:50:22
Newnix
05.11.2017
15:50:48
[ matrix ]
05.11.2017
15:50:51
<b>aaron:</b> Hey you, kekoosh! (Gitter): If your security relies on a physical key constantly in your system, you should build around that.
<b>aaron:</b> Hey you, kekoosh! (Gitter): And I don’t mean skip the isolation part.
<b>Hey you, kekoosh! (Gitter):</b> I mean, if you want protection, you either go full batshit crazy mode if you have time & skills, or think about what are you protecting from: over-protection in unskilled hands is far worse than simple protection you understand fully. more week points etc
<b>Hey you, kekoosh! (Gitter):</b> like don't roll your own crypto
<b>aaron:</b> Hey you, kekoosh! (Gitter): The Point of ubikeys is to plug in at time of auth. They’re not designed as a permanent fixture.
aaron: (And they’re always supposed to be paired with a password (2FA), so even failing and leaving one in should not disrupt your security model.)
<b>Hey you, kekoosh! (Gitter):</b> yeah, I know, it was a figure of speech, that story about some guy from tor-market who didn't have time to lock the computer
Hey you, kekoosh! (Gitter): I should google that story
<b>aaron:</b> That was a single computer. There was no isolation there. He got tackled (literally) in the library.
:ʒ
05.11.2017
15:56:40
[ matrix ]
05.11.2017
15:56:52
Hey you, kekoosh! (Gitter): books are evil
Shawn
05.11.2017
15:57:34
Jan
05.11.2017
15:58:13
I have rpi lying around
[ matrix ]
05.11.2017
15:58:53
<b>aaron:</b> Complete hardware isolation per application.
Jan
05.11.2017
15:59:06
USB ----rpi--scanning----unifected usb--computer
Shawn
05.11.2017
15:59:09
For security, I recommend thermite. Although that's proven to not be 100% successful, either.
Google
Jan
05.11.2017
15:59:13
Is it good enough set up
Browsing on rpi may be slower
Newnix
05.11.2017
16:00:11
Jan
05.11.2017
16:00:26
So in that Case I 'll go for browser add-ons
Which are other resources for infection except browsing and USB
May be wireless connections
:ʒ
05.11.2017
16:02:23
Jan
05.11.2017
16:03:48
It's impractical to disconnect internet
Admin
Jan
05.11.2017
16:04:19
What's thermite and ricin
Newnix
05.11.2017
16:05:08
[ matrix ]
05.11.2017
16:05:17
aaron: Jan Naj (Telegram): duckduckgo.com
Shawn
05.11.2017
16:05:37
[ matrix ]
05.11.2017
16:06:08
<b>aaron:</b> Shawn Webb (Telegram): Pretty bad success rate on metal HDDs though. I think it secures SSDs good enough though.
.:VMS:.
05.11.2017
16:14:18
seems to be a pixel art for openbsd ??
Lain
05.11.2017
16:17:27
Cool
norj
05.11.2017
17:35:46
.:VMS:.
05.11.2017
17:36:50
nice, i'm a pixel art fan too xD
Google
.:VMS:.
05.11.2017
17:37:04
my shit logo is a shit reference for netbsd
Lain
05.11.2017
17:53:27
Me too
strange
05.11.2017
22:49:39
Almost break my head trying to find why pyenv doesn't see what python on 11.
This is by design, symlink helped
*what python->system python
Mario
05.11.2017
22:51:55
[ matrix ]
06.11.2017
06:43:00
VVelox: https://metacpan.org/release/VVELOX/Proc-ProcessTable-Colorizer-0.0.0
Wooho!
Jaypatelani: Is it better to change kernel name of host os to reduce attack vector? Compiling os with different name? Or just user-agent OS name change is better?
Jay
06.11.2017
09:51:48
https://qz.com/1120344/200-universities-just-launched-600-free-online-courses-heres-the-full-list/
#BSDSec LibreSSL 2.6.3 Released... #OpenBSD https://t.co/szJU4fe81Z— BSDSec.net (@BSDSec) November 6, 2017
November 06, 2017 at 03:41PM
via Twitter https://twitter.com/BSDSec